April 2011 E-newsletter
When Monique Sendze started as IT director at Colorado's Douglas County Libraries in late 2009, she was instantly impressed. "We were doing a lot of things the right way," she says of initiatives such as radio frequency identification tagging and automatic book checkout. But when it came to the core enterprise systems, the library had some work to do.
An aggressive strategy to bolster its back-end IT infrastructure would help the library support strategic customer-facing projects. But to meet those goals in the face of budget and staffing cuts, Sendze says the organization needed to be agile and watch costs.
Her concerns led her straight toward cloud computing, which has attracted attention for its fast rollout, reduced support needs, consistent user interface and quick return on investment. "It was a no-brainer," Sendze says.
The advantages are hard to ignore, which is why 39 percent of state CIOs have already ventured into the world of cloud computing and another 54 percent are investigating it, according to a 2010 survey by the National Association of State Chief Information Officers. But what's not always clear is whether a public or a private cloud is the best option.
There's no easy answer. A public cloud, available on demand through service providers to the general public, might be ideal for one agency, allowing it to deploy technologies without worrying about infrastructure, maintenance or support. However, agencies that deal with sensitive, regulated or mission-critical data or require customization might be better off building a private cloud dedicated solely to its users.
Fortunately, it's not an either/or scenario. Plenty of agencies are moving some projects to public clouds and others to private clouds. Or they're turning to hosting and managed services providers, which maintain and manage private clouds for them.
"Then there's always the discussion around hybrid clouds," says Ron Vinson, director of media services for the city and county of San Francisco. "Not many are doing it, but they want to hear more. It's definitely been talked about in the past year."
San Francisco, which uses both public and private clouds, doesn't have experience with a hybrid cloud, but it has discussed with cloud providers how it would work in a disaster recovery scenario, explains CIO Jon Walton. In case of a disaster, the city would be able to recover data that typically sits on a private cloud by pulling it up on a public cloud, availing itself of a larger pool of resources available in an instant.
"It is a culture change for government in how we deliver services," says Walton.
E-mail is one of the most common applications to move to a public cloud because the cost savings can be so significant -- $2 to $3 per user per month versus an average of $10 per user to manage the hardware, software, power, licenses and labor in-house, according to David Mitchell Smith, vice president at research firm Gartner.
That's how Sendze got started with the cloud. She chose the Microsoft Business Productivity Online Standard Suite (BPOS) messaging and collaboration service to replace the Douglas County Libraries' proprietary e-mail system.
Because users were familiar with Outlook, and BPOS had all the features she was seeking, it was an obvious choice. "If you want to host a Microsoft system, who better to host it than Microsoft?" says Sendze. "It's been amazing." The package has far more features, including SharePoint, Office Communications, Live Meeting and mailboxes that are 50 times bigger, but it costs less annually than the library was paying for the old system.
Before going to the public cloud, Sendze carefully considered the security issues and the service level agreement. The fact that the library's data is segmented from other customers' data, coupled with an SLA with a money-back guarantee, gave her peace of mind.
Another consideration, says Sendze, is the ease of getting a project off the ground with a public cloud. A new e-mail system had been on the library's to-do list for a few years, but the staff had neither enough time nor the appropriate skills to pull off such a complex project. By outsourcing it to a public cloud provider, Sendze was able to deploy the system in a matter of weeks.
Microsoft also takes care of the upgrades, though Sendze says that's a double-edged sword. While it's less work for her team, she has no control over when upgrades take place; she has to go by Microsoft's schedule.
But overall, she says, the advantages far outweigh the disadvantages. "I would not trade this experience."
Another challenge when moving to a public cloud is bandwidth, says Walton. When the San Francisco city and county departments first started running their websites from the cloud, the IT team was surprised at how quickly they were consuming the bandwidth allocated. They soon realized that accessing the cloud would place a far higher demand on network resources, so they had to go back to their providers and work out a long-term solution.
"The more you move things to a public cloud, the more you have to pay attention to the network layer for your organization," says Walton.
He advises starting the transition to cloud computing slowly so you can learn about it without major consequences. "Start small and get over some of the cultural inertia of doing things the traditional way."
A Private Matter
As with many organizations, data center consolidation led Washington, D.C., toward virtualization and, eventually, cloud computing. There was enough sensitive data involved that a private cloud made sense. Plus, the district had the expertise and resources needed to build its own cloud, says interim CTO Robert Mancini.
Washington's private cloud offers many of the same advantages as public clouds: efficiencies, cost savings, agility and responsiveness. It also allows the IT staff to easily test new technologies and upgrades. But building a private cloud has given the district a decided edge: "It educates us on what these technologies can do," says Mancini. The district uses some public cloud services, so that knowledge is invaluable when negotiating contracts with providers.
Then there are the disadvantages. Because of the district's complex infrastructure, it has to work hard to retain IT talent and maintain its budget. Plus, it misses out on one of the biggest advantages of public clouds: multitenancy, which lets multiple users share computing resources so they can instantly increase those resources when needed or scale back when demand drops.
One way to minimize such disadvantages is by building community clouds -- private clouds that are built and maintained by a group of users. It's becoming increasingly common within the federal government, says Gartner's Smith. "It's broader than private but not quite public," he explains.
Leave It to the Pros
Another cloud option is a hosting and managed services provider, which fit the bill when the city of McKinney, Texas, went searching for a new location for its data center after a flood last October. CIO Chris Chiancone, a former application developer who joined the city a month before the flood, turned to CDW·G to service a contract with Houston-based CyrusOne, a hosting facility, and Thinkbox Technology Group, a program management company that coordinated the move.
Photo: Dan Bryant
"Could I build my own?" asks Chiancone. "Sure, but it will probably be smoother and more cost-effective to get someone who specializes in this to do it." He notes that outsourcing the back-end infrastructure frees his team to spend more time on customer-facing technologies. "I would prefer to put users' dreams on the screen rather than spend a lot of time messing with the infrastructure," he says.
Meanwhile, as the IT staff focuses on applications, Chiancone can rest assured that the infrastructure is in a secure location not exposed to brownouts or blackouts. Plus, the cloud offers five options for carriers as opposed to the one he had when he was managing the infrastructure in McKinney.
Outsourcing the data center also brings a more modern infrastructure and greater flexibility to test new tools. Before the cloud, it could take months, if not years, to research, test, deploy and train staff to use new technologies. Because of the fast deployment time and pay-per-use scalability of cloud computing, it's far easier to deliver what users want and need.
"My end users are my experts," says Chiancone. "Drop the ego at the door. IT is a service-based organization, and we need to deliver the services that our customers ask of us."
Enterprises that anticipate using private clouds by the end of 2012
SOURCE: "Cloudrise: Rewards and Risks at the Dawn of Cloud Computing," 2010, Accenture Institute for High Performance
At the Ready
In late 2009, representatives from Microsoft stopped by the city of Miami to brief the IT team on Windows Azure, a platform as a service that enables customers to build their own applications using .NET, and then host them on Azure.
Watching the presentation, the city's IT team had a revelation. It was planning to build a portal that would let citizens check online for status updates on their 311 requests -- fixing potholes, removing dead animals, reporting illegal trash dumping -- and see what other requests were filed in their areas. The team realized Azure was the ideal platform for the 311 portal.
Following the department's traditional development methodology would have taken months, says Assistant IT Director Derrick Arias. With Azure, however, the city had the portal up and running within eight business days. "It was sort of this perfect storm," he says.
"It's going very well," Arias says, adding that it's just the start. His team developed the portal with plans to use it as a template for other applications. It proved its worth last August, when a tropical storm appeared to be headed straight for Miami. The IT team copied the 311 portal application and database, made a few adjustments (for example, changing labels on data fields), and in a matter of hours, it had an application to assess storm damage and track and manage the cleanup and repair work.
"That was an afternoon's worth of work for our team," says Arias. "You have the benefit of having the infrastructure there when that peak comes, but you only pay for it when you need it." Even if the application hadn't turned out as expected, it would have been easy to scrap it and start from scratch.
Go to statetechmag.com/cloud211 to read about three types of cloud options.
Arias intends to use Azure for other day-to-day operations, but he doesn't plan to make a wholesale shift to public cloud computing. "It's not something we're going to move everything to," he says. The 311 portal was a new application, but moving a legacy system would be far more complex. And some applications, such as those operated by the fire and police departments, are too critical to entrust to outsiders, he says.
"I think everybody should really look at the cloud," adds Arias. But, he cautions, "Step into it carefully. I don't think it's a one-size-fits-all."
Clearing the Air
Here are some factors to consider before moving to the cloud:
- Ask public cloud providers for references that closely match the structure of your organization in terms of size, staff and resources.
- For private clouds, consider leasing equipment that can be regularly replaced rather than making long-term capital investments.
- Because you don't have control over public cloud infrastructure, make sure there's strong user identification and encryption in place.
- If you're bound by regulatory requirements, ask cloud providers where data is housed and who has access to it.
- Don't sign a contract without a provision for breaking it if you're not happy with the service.
- Ask providers about their disaster recovery procedures.
- Don't reduce staff until you've had time to truly assess the strengths and weaknesses of the cloud. If it doesn't work as expected or you have long waits to get issues resolved, it could wind up causing more problems than it solves.
Ready to try out the cloud? Here are three options:
1. Software as a Service (SaaS): Often geared toward the end user who needs access through a web browser or other thin client interface, SaaS provides access to applications hosted on a service provider's cloud infrastructure.
An organization can find just about any general office application available via the SaaS model. Customer relationship management, calendaring, e-mail and human resources management are among some of the more common applications delivered as services from the cloud infrastructure.
For IT departments, IT service management, spam filtering, intrusion prevention and other traditional security software are among the application types increasingly available via the SaaS model.
With SaaS, the user organization neither owns the application nor the associated servers, operating systems, storage, network or other IT resources required for its support and delivery. The applications essentially come as-is, with little to no opportunity to tweak user preferences.
Pro: Little to no infrastructure or staff resources required
Con: Not customizable
2. Platform as a Service (PaaS): Derived from the SaaS model, PaaS caters to developers' needs. Rather than simply delivering prepackaged applications via the cloud infrastructure, as is the case with SaaS, a PaaS provider offers up the entire computing platform and solutions stack needed for an application.
With PaaS, organizations can deploy acquired or custom applications without incurring the associated upfront provisioning and ongoing maintenance and management costs of the underlying infrastructure. The user organization has application control, the caveat often being that the developers must be comfortable with the PaaS provider's choices for programming languages, interfaces, development tools, database support and the like.
Pro: Can customize applications
Con: Must use the PaaS provider's programming languages, tools and other resources
3. Infrastructure as a Service (IaaS): This service model enables user organizations to forgo deployment of new data center equipment to handle growing operational needs. Rather, an organization obtains needed IT infrastructure from a cloud services provider, often via a self-service catalog.
While a user organization can run applications, databases, operating systems and other software on top of its selected infrastructure, it has no direct control over or access to those machines. The cloud services provider manages the infrastructure, including any scaling up or down as needed.
Infrastructure as a Service is similar in concept to a traditional dedicated hosting service, with two major differences: Organizations tap into a shared, highly scalable pool of resources, and they pay for only what's used on a utility basis. In other words, organizations neither have to preorder nor pay for dedicated gear sitting in an outsourced data center.
Pro: Limitless infrastructure at the ready
Con: Must share virtual infrastructure with other customers